Red team and penetration testers - consultant

Posted: Sept. 2, 2021, 10:42 a.m. - Full Time - Chennai


  1. Should have minimum 2yrs of information security experience (client serving candidates preferred) in conducting application/network security assessments – We are looking for candidates across all experiences, Candidates with relevant experience and skill set will be treated accordingly.
  2. Certifications like OSCP, SANS GPEN, CISSP or any other industry accredited security certifications would be preferred
  3. Good interpersonal, problem solving, reasoning and analytical skills

Duties and Responsibilities:

  1. Technical execution and the quality of the deliverables for the engagements
  2. Promote the development of the team by providing constructive on-the-job feedback/coaching to team members
  3. Demonstrate ability to quickly assimilate to new knowledge.


  1. Experience in conducting Red Team assessments, APT attack simulations, etc
  2. Web Application Security Assessment - In-depth knowledge of web application attacks and defense strategies (SQL injection, XSS cross-site scripting, CSRF, logic flaws, etc) and Thick client applications, mobile applications (VAS), ERP applications (SAP, etc)
  3. Experience in Internal & External Penetration Testing on Network Infrastructure (including Servers, firewalls, Routers, switches, etc) including conducting wireless security assessment
  4. Should have a good understanding of application level attacks with hands on experience in discovering and exploiting issues with/without the assistance of tools.
  5. Security Focused Code Review of Applications (at least one of the following languages C, C++, Java, .NET)
  6. Experience with network penetration testing tools such as nessus, nmap, core impact, metasploit, and similar
  7. Experience with analyzing Router, Switches, Firewall rule base focused on security.
  8. Experience on Virtualization technologies (VMware), SAP network security. Telecom network security, VOIP, Cloud security (AWS, Azure), IOT, DevSecOps
  9. Experience in Security Architecture Review
  10. Understanding of application security guidelines/requirements from OWASP, PCI/DSS, etc
  11. Proficiency with understanding and writing/modifying exploits.